Researchers at Akamai have found holes in the installation stage of some phishing kits that would allow a second attacker to infiltrate and upload additional files, including any sort of executable code. These holes are also a perfect entry point for a hacker to gain access to the back end of an unwitting, legitimate web server. The main source of the problem is the slapdash way many of these kits are constructed, according to the firm’s research. Code reuse is a normal part of development in both the legitimate and cybercrime worlds, with open-source components widely adopted.
Source: https://threatpost.com/buggy-phishing-kits-criminals-cannibalize/145399/

